Method and system for initiating a transfer of resources

ABSTRACT

A server comprises a communications module; a processor coupled with the communications module; and a memory coupled to the processor and storing processor-executable instructions which, when executed by the processor, configure the processor to authenticate a user via a first authentication channel; receive, via the communications module and from a computing device associated with the user, a signal representing a request to transfer a first quantity of resources; determine that the first quantity of resources is less than a first threshold associated with the first authentication channel; obtain identity data associated with the request to transfer the first quantity of resources; determine, based on the identity data, that a request to transfer a second quantity of resources has been previously initiated by the user via a second authentication channel that is different than the first authentication channel; and determine that the sum of the first quantity of resources and the second quantity of resources is less than the first threshold, and in response to determining that the sum of the first quantity of resources and the second quantity of resources is less than the first threshold, initiate the transfer of the first quantity of resources.

CROSS-REFERENCE TO RELATED APPLICATIONS

This application is a continuation of U.S. patent application Ser. No.16/930,421, filed Jul. 16, 2020, the entire contents of which areincorporated herein by reference.

TECHNICAL FIELD

The present application relates to transferring resources, and, moreparticularly, to methods and systems for initiating a transfer ofresources.

BACKGROUND

E-commerce systems have evolved to allow customers to purchaseresources, such as precious metals, online.

Some such e-commerce systems are provided by financial institutions. Forexample, a financial institution may allow a user or customer topurchase precious metals such as gold, silver, etc. over the internetand may arrange to have the purchased precious metals shipped ordelivered to the customer's address.

Limits may be placed on transactions that are conducted over a period oftime. For example, a customer may be limited to only purchasing acertain amount or a certain value of resources within a particular day.However, since these orders are received electronically, customers maycircumvent these limits by purchasing the resources using variouschannels.

BRIEF DESCRIPTION OF THE DRAWINGS

Embodiments are described in detail below, with reference to thefollowing drawings:

FIG. 1 is a schematic operation diagram illustrating an operatingenvironment of an example embodiment;

FIG. 2 is a simplified schematic diagram showing components of acomputing device;

FIG. 3 is a high-level schematic diagram of an example computer device;

FIG. 4 shows a simplified organization of software components stored ina memory of the example computer device of FIG. 3 ;

FIG. 5 is an example user interface according to an embodiment;

FIG. 6 is a flowchart showing operations performed by a server ininitiating a transfer of resources according to an embodiment;

FIG. 7 is an example user interface according to an embodiment;

FIG. 8 is an example user interface according to an embodiment;

FIG. 9 is a flowchart showing operations performed by a server indetermining if a second authentication channel is the same as a firstauthentication channel according to an embodiment;

FIG. 10 is a flowchart showing operations performed by a server ininitiating a transfer of resources according to an embodiment;

FIG. 11 is a flowchart showing operations performed by a server ininitiating a transfer of resources according to an embodiment; and

FIG. 12 is a flowchart showing operations performed by a server ininitiating a transfer of resources according to an embodiment.

Like reference numerals are used in the drawings to denote like elementsand features.

DETAILED DESCRIPTION OF VARIOUS EMBODIMENTS

Accordingly, in one aspect there is provided a server comprising acommunications module; a processor coupled with the communicationsmodule; and a memory coupled to the processor and storingprocessor-executable instructions which, when executed by the processor,configure the processor to authenticate a user via a firstauthentication channel; receive, via the communications module and froma computing device associated with the user, a signal representing arequest to transfer a first quantity of resources; determine that thefirst quantity of resources is less than a first threshold associatedwith the first authentication channel; obtain identity data associatedwith the request to transfer the first quantity of resources; determine,based on the identity data, that a request to transfer a second quantityof resources has been previously initiated by the user via a secondauthentication channel that is different than the first authenticationchannel; and determine that the sum of the first quantity of resourcesand the second quantity of resources is less than the first threshold,and in response to determining that the sum of the first quantity ofresources and the second quantity of resources is less than the firstthreshold, initiate the transfer of the first quantity of resources.

In one or more embodiments, the first authentication channel includes adirect authentication channel that comprises authenticating the userbased on a username and password.

In one or more embodiments, the second authentication channel does notrequire the username and password.

In one or more embodiments, the second authentication channel includesan indirect authentication channel that comprises authenticating theuser via a digital identity network.

In one or more embodiments, the second authentication channel includesan unauthenticated channel that does not require authenticating theuser.

In one or more embodiments, the processor-executable instructions, whenexecuted by the processor, further configure the processor to determinethat the sum of the first quantity of resources and the second quantityof resources exceeds the first threshold, and in response to determiningthat the sum of the first quantity of resources and the second quantityof resources exceeds the first threshold, initiate a transfer of a thirdquantity of resources that is determined as a difference between thefirst threshold and the second quantity of resources.

In one or more embodiments, the processor-executable instructions, whenexecuted by the processor, further configure the processor to send, viathe communications module and to the computing device, a signal causingthe computing device to display a notification indicating the thirdquantity of resources.

In one or more embodiments, the signal causes the computing device todisplay a prompt requesting the user to accept or reject transfer of thethird quantity of resources and wherein the transfer of the thirdquantity of resources is initiated in response to receiving a signal,via the communications module and from the computing device, indicatingthat the user has accepted the transfer.

In one or more embodiments, the processor-executable instructions, whenexecuted by the processor, further configure the processor to determinethat the second quantity of resources exceeds the first threshold, andin response to determining that the second quantity of resources exceedsthe first threshold, reject the transfer of the first quantity ofresources.

In one or more embodiments, the second authentication channel isassociated with a second threshold that is different than the firstthreshold.

According to another aspect there is provided a computer-implementedmethod comprising authenticating a user via a first authenticationchannel; receiving, via a communications module and from a computingdevice associated with the user, a signal representing a request totransfer a first quantity of resources; determining that the firstquantity of resources is less than a first threshold associated with thefirst authentication channel; obtaining identity data associated withthe request to transfer the first quantity of resources; determining,based on the identity data, that a request to transfer a second quantityof resources has been previously initiated by the user via a secondauthentication channel that is different than the first authenticationchannel; and determining that the sum of the first quantity of resourcesand the second quantity of resources is less than the first threshold,and in response to determining that the sum of the first quantity ofresources and the second quantity of resources is less than the firstthreshold, initiating the transfer of the first quantity of resources.

In one or more embodiments, the first authentication channel includes adirect authentication channel that comprises authenticating the userbased on a username and password.

In one or more embodiments, the second authentication channel does notuse the username and password.

In one or more embodiments, the second authentication channel includesan indirect authentication channel that comprises authenticating theuser via a digital identity network.

In one or more embodiments, the second authentication channel includesan unauthenticated channel that does not require authenticating theuser.

In one or more embodiments, the method further comprises determiningthat the sum of the first quantity of resources and the second quantityof resources exceeds the first threshold, and in response to determiningthat the sum of the first quantity of resources and the second quantityof resources exceeds the first threshold, initiating a transfer of athird quantity of resources that is determined as a difference betweenthe first threshold and the second quantity of resources.

In one or more embodiments, the method further comprises sending, viathe communications module and to the computing device, a signal causingthe computing device to display a notification indicating the thirdquantity of resources.

In one or more embodiments, the signal causes the computing device todisplay a prompt requesting the user to accept or reject transfer of thethird quantity of resources and wherein the transfer of the thirdquantity of resources is initiated in response to receiving a signal,via the communications module and from the computing device, indicatingthat the user has accepted the transfer.

In one or more embodiments, the method further comprises determiningthat the second quantity of resources exceeds the first threshold, andin response to determining that the second quantity of resources exceedsthe first threshold, rejecting the transfer of the first quantity ofresources.

According to another aspect there is provided a non-transitory computerreadable storage medium comprising computer-executable instructionswhich, when executed, configure a processor to authenticate a user via afirst authentication channel; receive, via a communications module andfrom a computing device associated with the user, a signal representinga request to transfer a first quantity of resources; determine that thefirst quantity of resources is less than a first threshold associatedwith the first authentication channel; obtain identity data associatedwith the request to transfer the first quantity of resources; determine,based on the identity data, that a request to transfer a second quantityof resources has been previously initiated by the user via a secondauthentication channel that is different than the first authenticationchannel; and determine that the sum of the first quantity of resourcesand the second quantity of resources is less than the first threshold,and in response to determining that the sum of the first quantity ofresources and the second quantity of resources is less than the firstthreshold, initiate the transfer of the first quantity of resources.

Methods and systems for initiating a transfer of resources are describedbelow. In one or more embodiments, a user may be authenticated through adigital identity network and a permissioned blockchain network may beused to provide the digital identity network. The permissionedblockchain network may only allow blocks to be written to a blockchainby nodes that are granted permission to write to the blockchain. Atleast some such blocks may be related to digital identity data. Forexample, at least some blocks may store a private secret, such as a hashof certain identity-related data. The identity-related data may bestored off-chain but the blockchain may be used to effectively provideproof of the data.

A server authenticates a user via a first authentication channel. Theserver receives a signal that represents a request to transfer a firstquantity of resources and determines that the first quantity ofresources is less than a first threshold associated with the firstauthentication channel. The server obtains identity data associated withthe request to transfer the first quantity of resources and determines,based on the identity data, that a request to transfer a second quantityof resources has been previously initiated by the user via a secondauthentication channel that is different than the first authenticationchannel. The server determines that the sum of the first quantity ofresources and the second quantity of resources is less than the firstthreshold, and in response to determining that the sum of the firstquantity of resources and the second quantity of resources is less thanthe first threshold, the server initiates the transfer of the firstquantity of resources.

Some or all of the above features may be provided by some embodiments.

Other aspects and features of the present application will be understoodby those of ordinary skill in the art from a review of the followingdescription of examples in conjunction with the accompanying figures.

In the present application, the term “and/or” is intended to cover allpossible combinations and sub-combinations of the listed elements,including any one of the listed elements alone, any sub-combination, orall of the elements, and without necessarily excluding additionalelements.

In the present application, the phrase “at least one of . . . or . . . ”is intended to cover any one or more of the listed elements, includingany one of the listed elements alone, any sub-combination, or all of theelements, without necessarily excluding any additional elements, andwithout necessarily requiring all of the elements.

FIG. 1 is a block diagram illustrating an operating environment of anexample embodiment. Various components cooperate to provide a system 100which may be used, for example, to initiate a transfer of resources. Asshown, the system 100 includes a first computing device 110, a server120 and a digital identity network server 130 coupled to one anotherthrough a network 140, which may include a public network such as theInternet and/or a private network.

The server 120 may be associated with an institution and may be aresource transfer server or financial institution server. The server 120may maintain a database that includes various data records. A datarecord may, for example, reflect a transfer of resources. The datarecords may include a quantity (amount and/or value) of the resources, atype of the resources, identity data associated with a customer or userpurchasing or requesting transfer of the resources, and informationindicating an authentication channel used to initiate the transfer ofresources. The identity data may include a name of the customer or userpurchasing or requesting transfer of the resources and an address. Theaddress may be a shipping or delivery address. A threshold defining aquantity of resources that may be purchased using each supportedauthentication channel within a particular time period may be stored inthe database. The threshold may be defined or predefined by anadministrator of the server 120.

The computing device 110 may take a variety of forms such as asmartphone, a tablet computer, a wearable computer such as ahead-mounted display or smartwatch, a laptop or desktop computer, or acomputing device of another type. In certain embodiments, a user mayoperate the computing device 110 to cause the computing device 110 torequest to transfer a quantity of resources. Further, the computingdevice 110 may be used to authenticate the user.

The computing device 110 is adapted to present a graphical userinterface that allows for communication with the server 120. Forexample, the computing device 110 may be adapted to send, to the server120, a signal representing a request to transfer a first quantity ofresources.

The server 120 may be adapted to authenticate a user via a firstauthentication channel. The server 120 may be adapted to receive, fromthe computing device 110, the signal representing the request totransfer the first quantity of resources. The server 120 may be adaptedto determine that the first quantity of resources is less than a firstthreshold associated with the first authentication channel. The server120 may be adapted to obtain identity data associated with the requestto transfer the first quantity of resources. The server 120 may beadapted to determine, based on the identity data, that a request totransfer a second quantity of resources has been previously initiated bythe user via a second authentication channel that is different than thefirst authentication channel. The server 120 may be adapted to determinethat the sum of the first quantity of resources and the second quantityof resources is less than the first threshold, and in response todetermining that the sum of the first quantity of resources and thesecond quantity of resources is less than the first threshold, initiatethe transfer of the first quantity of resources.

The digital identity network server 130 is a server associated with adigital identity network. Although the digital identity network server130 is illustrated as a single block, it may be a network consisting ofnumerous computer systems. For example, the digital identity network maybe a blockchain network which includes a number of nodes. The blockchainnetwork is a decentralized peer-to-peer network in which nodes maymaintain respective copies of an append-only ledger.

The blockchain network may be a permissioned blockchain network in whichonly authorized nodes are permitted to add blocks to the blockchain. Forexample, only verified nodes may be granted permission to write to theblockchain. The verified nodes may be trusted nodes such as nodesassociated with government organizations or other trusted entities suchas banks. By way of example, the verified nodes may be associated with adriver's license bureau, a credit bureau, a government identity issuingoffice such as an entity registry office, or an office of another type.Given ones of these nodes may maintain identity records of varioustypes. For example, a node associated with a passport office maymaintain digital passport records, a node associated with a driver'slicense bureau may maintain digital licensing records, a node associatedwith a credit bureau may maintain digital credit records, and a nodeassociated with a bank may maintain digital banking records. Variousverified nodes may maintain contact information records which may, forexample, specify an email address, postal address, telephone number, orother type of contact information.

Accordingly, at least some verified nodes may write to the blockchain.At least some of the blocks written to the blockchain may be related toidentity data. The digital identity network server 130 may storeidentity data associated with a plurality of users. In at least someembodiments, identity data may not be included in the blockchain.Instead, the blocks may store a private secret that is related to suchidentity data. The private secret may act as proof to the existence ofthe identity data and may be used to verify the authenticity of thedata. For example, in at least some embodiments, the private secret maybe a hash of the identity data such that, when the identity data isprovided to another system (i.e., a system apart from the verified nodemaintaining the identity data), it may be verified from the hash storedin a block on the blockchain.

The blockchain network may, for example, be implemented usingHyperledger Fabric, for example. It will, however, be appreciated thatthe blockchain network may take other forms.

Within the digital identity network, of which the digital identitynetwork server 130 is associated, trusted partners may act as digitalasset providers and digital asset consumers. In actions as a digitalasset provider, a trusted member of the digital identity network mayprovide information about a particular user or customer to anothertrusted member of the digital identity network (e.g. a digital assetconsumer). The requested information may be provided through the digitalidentity network in a blind manner such that the digital asset providerdoes not know the identity of the digital asset consumer and such thatthe digital asset consumer does not know the identity of the digitalasset provider.

The digital identity network server 130 may be adapted to perform one ormore operations consistent with the disclosed embodiments.

The network 140 is a computer network. In some embodiments, the network140 may be an internetwork such as may be formed of one or moreinterconnected computer networks. For example, the network 140 may be ormay include an Ethernet network, an asynchronous transfer mode (ATM)network, a wireless network, a telecommunications network, or the like.

FIG. 1 illustrates an example representation of components of the system100. The system 100 can, however, be implemented differently than theexample of FIG. 1 . For example, various components that are illustratedas separate systems in FIG. 1 may be implemented on a common system. Byway of further example, the functions of a single component may bedivided into multiple components.

FIG. 2 is a simplified schematic diagram showing component of anexemplary computing device 200. Computing device 110 may be of the sametype as computing device 200. The computing device 200 may includemodules including, as illustrated, for example, one or more displays210, an image capture module 220, a sensor module 230, and a computerdevice 240.

The one or more displays 210 are a display module. The one or moredisplays 210 are used to display screens of a graphical user interfacethat may be used, for example, to communicate with the server 120 (FIG.1 ). The one or more displays 210 may be internal displays of thecomputing device 200 (e.g., disposed within a body of the computingdevice).

The image capture module 220 may be or may include a camera. The imagecapture module 220 may be used to obtain image data, such as images. Theimage capture module 220 may be or may include a digital image sensorsystem as, for example, a charge coupled device (CCD) or a complementarymetal-oxide-semiconductor (CMOS) image sensor.

The sensor module 230 may be a sensor that generates sensor data basedon a sensed condition. By way of example, the sensor module 230 may beor include a location subsystem which generates location data indicatinga location of the computing device 200. The location may be the currentgeographic location of the computing device 200. The location subsystemmay be or include any one or more of a global positioning system (GPS),an inertial navigation system (INS), a wireless (e.g., cellular)triangulation system, a beacon-based location system (such as aBluetooth low energy beacon system), or a location subsystem of anothertype.

The computer device 240 is in communication with the one or moredisplays 210, the image capture module 220, and the sensor module 230.The computer device 240 may be or may include a processor which iscoupled to the one or more displays 210, the image capture module 220,and/or the sensor module 230.

Referring now to FIG. 3 , a high-level operation diagram of an examplecomputer device 300 is shown. In some embodiments, the computer device300 may be exemplary of the computer device 240 (FIG. 2 ), the server120, and the digital identity network server 130 (or a node of thedigital identity network).

The example computer device 300 includes a variety of modules. Forexample, as illustrated, the example computer device 300 may include aprocessor 310, a memory 320, a communications module 330, and/or astorage module 340. As illustrated, the foregoing example modules of theexample computer device 300 are in communication over a bus 350.

The processor 310 is a hardware processor. The processor 310 may, forexample, be one or more ARM, Intel x86, PowerPC processors or the like.

The memory 320 allows data to be stored and retrieved. The memory 320may include, for example, random access memory, read-only memory, andpersistent storage. Persistent storage may be, for example, flashmemory, a solid-state drive or the like. Read-only memory and persistentstorage are a non-transitory computer-readable storage medium. Acomputer-readable medium may be organized using a file system such asmay be administered by an operating system governing overall operationof the example computer device 300.

The communications module 330 allows the example computer device 300 tocommunicate with other computer or computing devices and/or variouscommunications networks. For example, the communications module 330 mayallow the example computer device 300 to send or receive communicationssignals. Communications signals may be sent or received according to oneor more protocols or according to one or more standards. For example,the communications module 330 may allow the example computer device 300to communicate via a cellular data network, such as for example,according to one or more standards such as, for example, Global Systemfor Mobile Communications (GSM), Code Division Multiple Access (CDMA),Evolution Data Optimized (EVDO), Long-term Evolution (LTE) or the like.Additionally or alternatively, the communications module 330 may allowthe example computer device 300 to communicate using near-fieldcommunication (NFC), via Wi-Fi™, using Bluetooth™ or via somecombination of one or more networks or protocols. In some embodiments,all or a portion of the communications module 330 may be integrated intoa component of the example computer device 300. For example, thecommunications module may be integrated into a communications chipset.In some embodiments, the communications module 330 may be omitted suchas, for example, if sending and receiving communications is not requiredin a particular application.

The storage module 340 allows the example computer device 300 to storeand retrieve data. In some embodiments, the storage module 340 may beformed as a part of the memory 320 and/or may be used to access all or aportion of the memory 320. Additionally or alternatively, the storagemodule 340 may be used to store and retrieve data from persisted storageother than the persisted storage (if any) accessible via the memory 320.In some embodiments, the storage module 340 may be used to store andretrieve data in a database. A database may be stored in persistedstorage. Additionally or alternatively, the storage module 340 mayaccess data stored remotely such as, for example, as may be accessedusing a local area network (LAN), wide area network (WAN), personal areanetwork (PAN), and/or a storage area network (SAN). In some embodiments,the storage module 340 may access data stored remotely using thecommunications module 330. In some embodiments, the storage module 340may be omitted and its function may be performed by the memory 320and/or by the processor 310 in concert with the communications module330 such as, for example, if data is stored remotely. The storage modulemay also be referred to as a data store.

Software comprising instructions is executed by the processor 310 from acomputer-readable medium. For example, software may be loaded intorandom-access memory from persistent storage of the memory 320.Additionally or alternatively, instructions may be executed by theprocessor 310 directly from read-only memory of the memory 320.

FIG. 4 depicts a simplified organization of software components storedin the memory 320 of the example computer device 300 (FIG. 3 ). Asillustrated, these software components include an operating system 400and an application 410.

The operating system 400 is software. The operating system 400 allowsthe application 410 to access the processor 310 (FIG. 3 ), the memory320, and the communications module 330 of the example computer device300 (FIG. 3 ). The operating system 400 may be, for example, Google™Android™, Apple™ iOS™, UNIX™, Linux™, Microsoft™ Windows™, Apple OSX™ orthe like.

The application 410 adapts the example computer device 300, incombination with the operating system 400, to operate as a deviceperforming a particular function. For example, the application 410 maycooperate with the operating system 400 to adapt a suitable embodimentof the example computer device 300 to operate as the computer device 240(FIG. 2 ), the server 120, and/or the digital identity network server130 (or a node of the digital identity network).

While a single application 410 is illustrated in FIG. 3 , in operationthe memory 320 may include more than one application 410 and differentapplications 410 may perform different operations. For example, in atleast some embodiments in which the computer device 300 is functioningas the computing device 110, the applications 410 may include a bankingapplication. The banking application may be configured for securecommunications with the server 120 and may provide various bankingfunctions such as, for example, the ability to display a quantum ofvalue in one or more data records (e.g. display balances), configuretransfers of data (e.g. bill payments and other transfers), purchasingor transferring of resources and other account management functions.

By way of further example, in at least some embodiments in which thecomputer device 300 functions as the computing device 110, theapplications 410 may include a web browser, which may also be referredto as an Internet browser. In at least some such embodiments, the server120 may be a web server that may serve one or more of the interfacesdescribed herein. The web server may cooperate with the web browser andmay serve as an interface when the interface is requested through theweb browser. For example, the web browser may serve as a mobile bankinginterface. The mobile banking interface may provide various bankingfunctions such as, for example, the ability to display a quantum ofvalue in one or more data records (e.g. display balances), configuretransfers of data (e.g. bill payments and other transfers), purchasingor transferring of resources and other account management functions.

By way of further example, in at least some embodiments in which thecomputer device 300 functions as the computing device 110, theapplications 410 may include a resource transfer application. Theresource transfer application may be configured for securecommunications with the server 120 and may provide various resourcetransfer functions such as, for example, the ability to request atransfer of a quantity of resources. The request to transfer thequantity of resources may include purchasing the quantity of resources.The resource transfer application may or may not require authenticationof a user prior to initiating the transfer of resources. For example,the resource transfer application may require authentication of the userthrough a particular authentication channel which may be based on ausername and password or may include authenticated the user via thedigital identity network. As another example, the resource transferapplication may not require authentication of the user and as such anauthentication channel such as an unauthenticated channel may be used.

By way of further example, in at least some embodiments in which thecomputer system 300 functions as the computing device 110, theapplications 410 may include an electronic messaging application. Theelectronic messaging application may be configured to display a receivedelectronic message such as an email message, short messaging service(SMS) message, or a message of another type. In at least someembodiments, the server 120 or digital identity network server 130 maybe configured, through computer-executable instructions, to send amessage to the computing device 110. For example, the server 120 may beconfigured to send a SMS message to a phone number associated with auser and an electronic messaging application on the computing device 110may be configured to retrieve the message and display the message to theuser. The message may include a link for authenticating the user.

In the following, a user is authenticated using one of a plurality ofauthentication channels. Each authentication channel is associated witha threshold defining a quantity of resources that may be purchased usingthat particular authentication channel.

When a user wishes to purchase or initiate a transfer of resources, theuser may utilize an input interface (such as a keyboard and/ortouchscreen) associated with the computing device 110 to cause thecomputing device 110 to open an application such as a mobile bankingapplication or resource transfer application or may cause the computingdevice 110 to open a webpage via a web browser. Touch gestures, forexample, may be used. In response, a graphical user interface (GUI) maybe displayed on the computing device 110.

An example GUI 500 is shown in FIG. 5 . The GUI 500 allows formanipulation of one or more input fields via the input interfaceassociated with the computing device 110. Touch gestures, for example,may be used to complete each input field. In the example shown in FIG. 5, the GUI 500 includes a first input field 510 which is used to enter ausername of the user, a second input field 520 which is used to enter apassword of the user, a first selectable option 530 which is used toauthenticate the user via the digital identity network and a secondselectable option 540 which is used to initiate the transfer ofresources without authenticating the user. Details of GUI 500 will bedescribed in more detail below.

Embodiments of operations performed by the server 120 will now bedescribed. FIG. 6 is a flowchart showing operations performed by theserver 120 according to an embodiment. The operations may be included ina method 600 which may be performed by the server 120. For example,computer-executable instructions stored in memory of the server 120 may,when executed by one or more processors, configure the server 120 toperform the method 600 or a portion thereof.

The method 600 beings when the server 120 authenticates a user via afirst authentication channel (step 610). The authentication may beperformed using the computing device 110.

In this embodiment, the first authentication channel includes one of adirect authentication channel, an indirect authentication channel or anunauthenticated channel. As mentioned, the server 120 maintains adatabase that includes a threshold defining a quantity of resources thatmay be purchased using each particular authentication channel within aparticular time period. In this embodiment, the time period may be atwenty-four (24) hour time period, a seven (7) day time period, amonthly time period or an annual time period.

The direct authentication channel authenticates the user directly withthe server 120. The user is authenticated based on authorizationinformation such as a secret (e.g., a password, a personalidentification number, etc.), or other identifying data such as, forexample, biometric data (a fingerprint, etc.). The authorizationinformation is input by the user at the computing device 110 and arepresentation of the authorization information is provided to theserver 120. The server 120 may access stored authorization data tovalidate the authorization information input by the user. The server 120may determine that authentication is successful if the authorizationinformation matches the stored authorization data. Once the user hasbeen authenticated, the server 120 may obtain identity data of the usersuch as for example the user's name and address from memory.

In this embodiment, the user may authenticate via the directauthentication channel using GUI 500. Specifically, the user may entertheir username, using the input interface associated with the computingdevice 110, into the first input field 510 and may enter their password,using the input interface associated with the computing device 110, intothe second input field 520.

As mentioned, each authentication channel is associated with a thresholddefining a quantity of resources that may be purchased using thatparticular authentication channel. Each threshold may be a dollar amountor a quantity amount of resources. In this embodiment, the directauthentication channel is associated with a first threshold which may befor example a $10,000 daily limit or may be for example a 10 Oz dailylimit. The type of resource may be gold. As such, a user who hasauthenticated using the direct authentication channel may purchase orinitiate the transfer of gold at a daily limit of $10,000.Alternatively, a user who has authenticated using the directauthentication channel may purchase or initiate the transfer of gold ata daily limit of 10 Oz.

The indirect authentication channel authenticates the user via thedigital identity network associated with the digital identity networkserver 130. In this embodiment, the user may authenticate via theindirect authentication channel by selecting, using the input interfaceassociated with the computing device 110, the first selectable option530.

In response to the user selecting the first selectable option 530, thecomputing device 110 may be directed to an online application, which maybe referred to as a digital ID web application. The digital ID webapplication may be configured to provide, to the computing device 110, aGUI. The GUI may include a selectable option for inputting a selectionof an authentication provider. For example, the GUI may present aplurality of authentication providers and the user may be permitted toselect an authentication provider, using the input interface associatedwith the computing device 110, for which they have previouslyregistered. When input is received indicating that the user has selectedan authentication provider, the computing device 110 is directed to anauthentication provider system associated with the selectedauthentication provider. The selected authentication provider may bereferred to as a digital asset provider. The authentication providersystem may cause the computing device 110 to display a GUI that includesone of more input fields used to enter the authorization information.The GUI may be similar to GUI 500 described above.

The authentication provider system of the selected authenticationprovider may authenticate the user based on authorization informationsuch as a secret (e.g., a password, a personal identification number,etc.), or other identifying data such as, for example, biometric data (afingerprint, etc.).

Once the user has successfully authenticated using the authenticationprovider system of the selected authentication provider, theauthentication provider system may send a signal to the digital identitynetwork server 130 indicating that the user has successfully beenauthenticated. The digital identity network server 130 may send a signalto the server 120 indicating that the user has successfully beenauthenticated. In this manner, the server 120 may be referred to as adigital asset consumer. The signal indicating that the user hassuccessfully been authenticated may include identity data such as theuser's name, address, etc.

The indirect authentication channel may authenticate the user in a blindmanner such that the digital asset provider (the selected authenticationprovider) does not know the identity of the digital asset consumer (theserver 120) and the digital asset consumer (the server 120) does notknow the identity of the digital asset provider (the selectedauthentication provider).

As mentioned, each authentication channel is associated with a thresholddefining a quantity of resources that may be purchased using thatparticular authentication channel. Each threshold may be a dollar amountor a quantity amount of resources. In this embodiment, the indirectauthentication channel is associated with a second threshold which maybe equal to the first threshold. For example, the second threshold maybe for example a $10,000 daily limit or may be for example a 10 Oz dailylimit. The type of resource may be gold. As such, a user who hasauthenticated using the indirect authentication channel may purchase orinitiate the transfer of gold at a daily limit of $10,000.Alternatively, a user who has authenticated using the indirectauthentication channel may purchase or initiate the transfer of gold ata daily limit of 10 Oz.

The unauthenticated channel does not require the user to authenticateprior to initiating a request to transfer resources. For example, theuser may choose to skip authentication and may only be required to entertheir name and address to initiate the transfer of resources. Putanother way, the unauthenticated channel does not require the user toinput authorization information such as a username and a password.

In this embodiment, the user may initiate the transfer of resourceswithout authenticating by selecting, via the input interface associatedwith the computing device 110, the second selectable option 540.

As mentioned, each authentication channel is associated with a thresholddefining a quantity of resources that may be purchased using thatparticular authentication channel. Each threshold may be a dollar amountor a quantity amount of resources. In this embodiment, theunauthenticated channel is associated with a third threshold which maybe less than the first threshold. For example, the third threshold maybe for example a $3,000 daily limit or may be for example a 3 oz dailylimit. The type of resource may be gold. As such, a user who has notauthenticated (or has chosen to use the unauthenticated channel) maypurchase or initiate the transfer of gold at a daily limit of $3,000.Alternatively, a user who has not authenticated (or has chosen to usethe unauthenticated channel) may purchase or initiate the transfer ofgold at a daily limit of 3 oz.

The server 120 receives, from computing device 110, a signalrepresenting a request to transfer a first quantity of resources (step620).

Once the user has authenticated via the first authentication channel,the server 120 may send a signal that causes a GUI 700 to be displayedon the computing device 110 as shown in FIG. 7 . The GUI 700 includes afirst input field 710 which is used to enter the type of resource theuser would like to purchase or initiate a transfer of and a second inputfield 720 which is used to enter a quantity of resources the user wouldlike to purchase or initiate the transfer of, which may be referred toas a first quantity of resources. The first input field 710 may be, forexample, a drop down menu that displays a list of types of resources theuser would like to purchase or initiate the transfer of. Alternatively,the first input field 710 may require the user to enter the name of theresource that the user would like to purchase or initiate the transferof. The second input field 720 may require the user to enter thequantity of resources the user would like to purchase or initiate thetransfer of. The quantity of resources may be a dollar amount or may bea weight (such as for example ounces, etc.) that the user would like topurchase or initiate the transfer of. The GUI 700 allows formanipulation of the input fields 710, 720 via the input interfaceassociated with the computing device 110.

The GUI 700 includes a selectable option 730 which is used to submit theinput entered into the input fields 710, 720. A touch gesture, forexample, may be used to select the selectable option 730. In response tothe user selecting the selectable option 730, a signal representing therequest to transfer the first quantity of resources is sent from thecomputing device 110 to the server 120. The signal includes the type ofresources and the first quantity of resources entered by the user in theinput fields 710, 720.

In response to the user selection the selectable option 730, the server120 may send a signal causing the computing device 110 to display a GUIthat includes one or more input fields or selectable options regardingpayment. For example, when the user has authenticated using directauthentication, the one or more input fields or selectable options mayinclude payment using an account associated with the user or paymentusing a credit card of the user. When the user has authenticated usingindirect authentication, the one or more input fields or selectableoptions may include payment using an account associated with the user(via the digital identity network associated with the digital identitynetwork server 130) or payment using a credit card of the user. When theuser has not authenticated (or has chosen to use the unauthenticatedchannel), one or more input fields or selectable options may includepayment using a credit card. It will be appreciated that when the userwishes to pay using a credit card, the GUI may include one or more inputfields for the user to enter their credit card information via the inputinterface associated with the computing device 110.

The server 120 determines that the first quantity of resources is lessthan a first threshold associated with the first authentication channel(step 630).

The server 120 compares the first quantity of resources to a thresholdassociated with the first authentication channel. As mentioned, eachauthentication channel is associated with a threshold defining aquantity of resources that may be purchased using that particularauthentication channel.

When it is determined that the first quantity of resources is greaterthan the first threshold, the server 120 may send a signal to thecomputing device 110, the signal causing the computing device 110 todisplay a message indicating to the user that the first quantity ofresources exceeds the first threshold and may prompt the user to enter anew quantity of resources.

When it is determined that the first quantity of resources is less than(or equal to) the first threshold, the server 120 continues to step 640.Specifically, the server 120 obtains identity data associated with therequest to transfer the first quantity of resources (step 640). In thisembodiment, the identity data includes the name of the user and anaddress of the user.

When the user has authenticated using the direct authentication channel,the server 120 obtains the identity data from a database.

As mentioned, when the user has authenticated using the indirectauthentication channel, identity data may be sent by the digital assetprovider to the digital identity network server 130. As such, when theuser has authenticated using the indirect authentication channel, theserver 120 obtains the identity data from the digital identity networkserver 130.

When the user has not authenticated (or has chosen to use theunauthenticated channel), the server 120 may send a signal to thecomputing device 110 that causes a GUI 800 to be displayed on thecomputing device 110, as shown in FIG. 8 . As can be seen, the GUI 800includes a first input field 810 which is used to enter the name of theuser and a second input field 820 which is used to enter an address ofthe user. The address of the user may be a shipping address of the user.The GUI 800 allows for manipulation of the input fields 710, 720 via theinput interface associated with the computing device 110.

The GUI 800 includes a selectable option 830 which is used to submit theidentity data entered into the input fields 810, 820. A touch gesture,for example, may be used to select the selectable option 830. Inresponse to the user selecting the selectable option 830, a signalrepresenting the identity data is sent from the computing device 110 tothe server 120. As such, the server 120 obtains the identity data.

The server 120 performs a check, based on the identity data, todetermine if a request to transfer a second quantity of resources hasbeen previously initiated by the user within the time period (step 650).

In this embodiment, the server 120 searches the database for datarecords that have been created within a particular time period, such asfor example within the same day. Put another way, the server 120searches the database for data records that may be relevant to the dailylimit for transferring resources. Within the data records that have beencreated within the particular time period, the server 120 searches fordata records that include at least some matching identity data to theobtained identity data. For example, the server 120 may search thedatabase based on the user's name and/or address.

When the server 120 does not find any data records that include at leastsome matching identity data, the server 120 initiates the transfer ofthe first quantity of resources (step 660). To initiate the transfer ofthe first quantity of resources, the server 120 may process paymentbased on the user's account or credit card and may initiate obtainingand sending the first quantity of resources to the user based on theobtained identity data.

When the server 120 finds one or more data records that include at leastsome matching identity data, that is, the identity data includes atleast the same name and/or address, the server 120 continues to a method900 shown in FIG. 9 . The operations included in method 900 may beperformed by the server 120. For example, computer-executableinstructions stored in memory of the server 120 may, when executed byone or more processors, configure the server 120 to perform the method900 or a portion thereof.

The server 120 obtains the quantity of resources stored in the one ormore data records (which may be referred to as the second quantity ofresources) that were previously initiated by the user within the timeperiod. The server 120 also obtains information identifying theauthentication channel used to initiate the transfer of the secondquantity of resources. The authentication channel may be the directauthentication channel, the indirect authentication channel, or theunauthenticated channel (step 910).

The server 120 performs a check to determine if the authenticationchannel used to initiate the transfer of the second quantity ofresources is the same as the first authentication channel (step 920).For example, the first authentication channel may be the directauthentication channel and as such the server 120 performs a check todetermine if the authentication channel used to initiate the transfer ofthe second quantity of resources was also the direct authenticationchannel.

When the authentication channel used to initiate the transfer of thesecond quantity of resources is the same as the first authenticationchannel, the server 120 continues to a method 1000 shown in FIG. 10 .The operations included in method 1000 may be performed by the server120. For example, computer-executable instructions stored in memory ofthe server 120 may, when executed by one or more processors, configurethe server 120 to perform the method 1000 or a portion thereof.

When the server 120 finds a data record, based on the identity data,that initiated a transfer of resources using the same authenticationchannel as the first authentication channel, the server 120 compares thesum of the first quantity of resources and the second quantity ofresources to the first threshold (step 1010).

When the server 120 determines that the sum of the first quantity ofresources and the second quantity of resources is less than (or equalto) the first threshold, the server 120 initiates the transfer of thefirst quantity of resources (step 1020).

To initiate the transfer of the first quantity of resources, the server120 may process payment based on the user's account or credit card andmay initiate obtaining and sending the first quantity of resources tothe user based on the obtained identity data.

When the server 120 determines that the sum of the first quantity ofresources and the second quantity of resources is greater than the firstthreshold, the server 120 determines a third quantity of resources thatis determined as a difference between the first threshold and the secondquantity of resources (step 1030).

The server 120 compares the third quantity of resources to zero (step1040).

When the third quantity of resources is equal to zero, this indicatesthat the user has reached their daily limit for transferring resourcesand as such the request to transfer the first quantity of resources isrejected (step 1050). The server 120 may send, via the communicationsmodule and to the computing device 110, a signal causing the computingdevice 110 to display a notification indicating that the request cannotbe completed as the user has reached the limit for that particular timeperiod. The notification may also indicate a time when the user caninitiate another request. For example, the notification may say “Youhave reached your daily limit. Please try again tomorrow.”

When the third quantity of resources is not equal to zero, the server120 initiates the transfer of the third quantity of resources (step1060). Prior to initiating the transfer of the third quantity ofresources, the server 120 may send, via the communications module and tothe computing device 110, a signal causing the computing device 110 todisplay a notification indicating the third quantity of resources. Thesignal may cause the computing device 110 to display a prompt includingselectable options that may be selected by the user to accept or rejecttransfer of the third quantity of resources. The transfer of the thirdquantity of resources may be initiated in response to the server 120receiving a signal, via the communications module and from the computingdevice 110, indicating that the user has accepted the transfer.

To initiate the transfer of the third quantity of resources, the server120 may process payment based on the user's account or credit card andmay initiate obtaining and sending the third quantity of resources tothe user based on the obtained identity data.

Referring back to FIG. 9 , during step 920, when the authenticationchannel used to initiate the transfer of the second quantity ofresources is different than the first authentication channel, the server120 continues to a method 1100 shown in FIG. 11 . The operationsincluded in method 1100 may be performed by the server 120. For example,computer-executable instructions stored in memory of the server 120 may,when executed by one or more processors, configure the server 120 toperform the method 1100 or a portion thereof.

When the server 120 finds a data record, based on the identity data,that initiated a transfer of resources using a different authenticationchannel than the first authentication channel, the server 120 comparesthe sum of the first quantity of resources and the second quantity ofresources to the first threshold (step 1110).

When the server 120 determines that the sum of the first quantity ofresources and the second quantity of resources is less than (or equalto) the first threshold, the server 120 initiates the transfer of thefirst quantity of resources (step 1120).

To initiate the transfer of the first quantity of resources, the server120 may process payment based on the user's account or credit card andmay initiate obtaining and sending the first quantity of resources tothe user based on the obtained identity data.

When the server 120 determines that the sum of the first quantity ofresources and the second quantity of resources is greater than the firstthreshold, the server 120 determines a third quantity of resources thatis determined as a difference between the first threshold and the secondquantity of resources (step 1130).

The server 120 compares the third quantity of resources to zero (step1140).

When the third quantity of resources is equal to zero, this indicatesthat the user has reached their daily limit for transferring resourcesand as such the request to transfer the first quantity of resources isrejected (step 1150). The server 120 may send, via the communicationsmodule and to the computing device 110, a signal causing the computingdevice 110 to display a notification indicating that the request cannotbe completed as the user has reached the limit for that particular timeperiod. The notification may also indicate a time when the user caninitiate another request. For example, the notification may say “Youhave reached your daily limit. Please try again tomorrow.”

When the third quantity of resources is not equal to zero, the server120 initiates the transfer of the third quantity of resources (step1160). Prior to initiating the transfer of the third quantity ofresources, the server 120 may send, via the communications module and tothe computing device 110, a signal causing the computing device 110 todisplay a notification indicating the third quantity of resources. Thesignal may cause the computing device 110 to display a prompt includingselectable options that may be selected by the user to accept or rejecttransfer of the third quantity of resources. The transfer of the thirdquantity of resources may be initiated in response to the server 120receiving a signal, via the communications module and from the computingdevice 110, indicating that the user has accepted the transfer.

To initiate the transfer of the third quantity of resources, the server120 may process payment based on the user's account or credit card andmay initiate obtaining and sending the third quantity of resources tothe user based on the obtained identity data.

Another embodiment of operations performed by the server 120 will now bedescribed. FIG. 12 is a flowchart showing operations performed by theserver 120 according to an embodiment. The operations may be included ina method 1200 which may be performed by the server 120. For example,computer-executable instructions stored in memory of the server 120 may,when executed by one or more processors, configure the server 120 toperform the method 1200 or a portion thereof.

Steps 1210 to 1240 of method 1200 are generally identical to that ofsteps 610 to 640 of method 600, respectively.

Once identity data associated with the request to transfer the firstquantity of resources is obtained (step 1240), the server 120

The server 120 determines, based on the identity data, that a request totransfer a second quantity of resources has been previously initiated bythe user via a second authentication channel that is different than thefirst authentication channel (step 1250). In this embodiment, the server120 searches the database for data records that have been created withina particular time period, such as for example within the same day. Putanother way, the server 120 searches the database for data records thatmay be relevant to the daily limit for transferring resources. Withinthe data records that have been created within the particular timeperiod, the server 120 searches for data records that include at leastsome matching identity data to the obtained identity data. For example,the server 120 may search the database based on the user's name and/oraddress.

When the server 120 finds one or more data records that include at leastsome matching identity data, that is, the identity data includes atleast the same name and/or address, the server 120 obtains the quantityof resources stored in the one or more data records (which may bereferred to as the second quantity of resources) that were previouslyinitiated by the user within the time period. The server 120 alsoobtains information identifying the authentication channel used toinitiate the transfer of the second quantity of resources. Theauthentication channel may be the direct authentication channel, theindirect authentication channel, or the unauthenticated channel.

The server 120 performs a check to determine if the authenticationchannel used to initiate the transfer of the second quantity ofresources is the same as the first authentication channel. When it isdetermined that the authentication channel used to initiate the transferof the second quantity of resources is different than the firstauthentication channel, the server 120 determines, based on the identitydata, that a request to transfer a second quantity of resources has beenpreviously initiated by the user via a second authentication channelthat is different than the first authentication channel.

The server 120 determines that the sum of the first quantity ofresources and the second quantity of resources is less than the firstthreshold, and in response to determining that the sum of the firstquantity of resources and the second quantity of resources is less thanthe first threshold, initiates the transfer of the first quantity ofresources (step 1260).

The server 120 compares the sum of the first quantity of resources andthe second quantity of resources to the first threshold, that is, thethreshold associated with the first authentication channel. In responseto determining that the sum of the first quantity of resources and thesecond quantity of resources is less than the first threshold, theserver 120 initiates the transfer of the first quantity of resources.

To initiate the transfer of the first quantity of resources, the server120 may process payment based on the user's account or credit card andmay initiate obtaining and sending the first quantity of resources tothe user based on the obtained identity data.

In the above embodiments, each time request to transfer a quantity ofresources is initiated, the server 120 stores a data record of therequest in the database. The data record may include a quantity (amountand/or value) of the resources, a type of the resources, identity dataassociated with a customer or user purchasing or requesting transfer ofthe resources, and information indicating an authentication channel usedto initiate the transfer of resources. Using the above describedembodiments, the server 120 ensures that user's have not exceeded theirlimit of transferring or purchasing resources by initiating the transferof resources or purchasing resources using different authenticationchannels.

Although in embodiments identity data is described as including a user'sname and address, it will be appreciated that additional or alternativetypes of identity data may be included. For example, a user's accountnumber or credit card number may be included as identity data.

Example embodiments of the present application are not limited to anyparticular operating system, system architecture, mobile devicearchitecture, server architecture, or computer programming language.

It will be understood that the applications, modules, routines,processes, threads, or other software components implementing thedescribed method/process may be realized using standard computerprogramming techniques and languages. The present application is notlimited to particular processors, computer languages, computerprogramming conventions, data structures, or other such implementationdetails. Those skilled in the art will recognize that the describedprocesses may be implemented as a part of computer-executable codestored in volatile or non-volatile memory, as part of anapplication-specific integrated chip (ASIC), etc.

As noted certain adaptations and modifications of the describedembodiments can be made. Therefore, the above discussed embodiments areconsidered to be illustrative and not restrictive.

What is claimed is:
 1. A server comprising: a communications module; aprocessor coupled with the communications module; and a memory coupledto the processor and storing processor-executable instructions which,when executed by the processor, configure the processor to: receive, viathe communications module and from a computing device, a signalrepresenting a request to transfer a first quantity of resources via afirst authentication channel, the request including identity data;determine, based on the identity data, that a request to transfer asecond quantity of resources has been previously initiated via a secondauthentication channel that is different than the first authenticationchannel; and responsive to determining that the request to transfer thesecond quantity of resources has been previously initiated via thesecond authentication channel that is different than the firstauthentication channel, perform an action.
 2. The server of claim 1,wherein the action includes one of initiate the transfer of the firstquantity of resources, initiate a transfer of a third quantity ofresources, or reject the transfer of the first quantity of resources. 3.The server of claim 1, wherein when performing the action, theprocessor-executable instructions, when executed by the processor,further configure the processor to: determine that a sum of the firstquantity of resources and the second quantity of resources is less thana first threshold; and initiate the transfer of the first quantity ofresources.
 4. The server of claim 3, wherein the first threshold definesa maximum quantity of a particular type of resource that may betransferred within a particular time period.
 5. The server of claim 1,wherein when performing the action, the processor-executableinstructions, when executed by the processor, further configure theprocessor to: determine that a sum of the first quantity of resourcesand the second quantity of resources exceeds a first threshold; andinitiate a transfer of a third quantity of resources that is determinedas a difference between the first threshold and the second quantity ofresources.
 6. The server of claim 1, wherein when performing the action,the processor-executable instructions, when executed by the processor,further configure the processor to: determine that the second quantityof resources exceeds a first threshold; and reject the transfer of thefirst quantity of resources.
 7. The server of claim 1, wherein the firstauthentication channel is associated with a first threshold and thesecond authentication channel is associated with a second threshold thatis different than the first threshold.
 8. The server of claim 7, whereinthe first threshold defines a first maximum quantity of resources thatmay be purchased using the first authentication channel and the secondthreshold defines a second maximum quantity of resources that may bepurchased using the second authentication channel.
 9. The server ofclaim 1, wherein one of the first authentication channel or the secondauthentication channel includes a direct authentication channel thatcomprises authenticating based on a username and password.
 10. Theserver of claim 9, wherein the other of the first authentication channelor the second authentication channel does not require the username andpassword.
 11. The server of claim 1, wherein one of the firstauthentication channel or the second authentication channel includes anindirect authentication channel that includes authenticating via adigital identity network.
 12. The server of claim 1, wherein one of thefirst authentication channel or the second authentication channelincludes an unauthenticated channel that does not requireauthenticating.
 13. A computer-implemented method comprising: receiving,via a communications module and from a computing device, a signalrepresenting a request to transfer a first quantity of resources via afirst authentication channel, the request including identity data;determining, based on the identity data, that a request to transfer asecond quantity of resources has been previously initiated via a secondauthentication channel that is different than the first authenticationchannel; and responsive to determining that the request to transfer thesecond quantity of resources has been previously initiated via thesecond authentication channel that is different than the firstauthentication channel, performing an action.
 14. Thecomputer-implemented method of claim 13, wherein the action includes oneof initiate the transfer of the first quantity of resources, initiate atransfer of a third quantity of resources, or reject the transfer of thefirst quantity of resources.
 15. The computer-implemented method ofclaim 13, wherein performing the action includes: determining that a sumof the first quantity of resources and the second quantity of resourcesis less than a first threshold; and initiating the transfer of the firstquantity of resources.
 16. The computer-implemented method of claim 15,wherein the first threshold defines a maximum quantity of a particulartype of resource that may be transferred within a particular timeperiod.
 17. The computer-implemented method of claim 13, whereinperforming the action includes: determining that a sum of the firstquantity of resources and the second quantity of resources exceeds afirst threshold; and initiating a transfer of a third quantity ofresources that is determined as a difference between the first thresholdand the second quantity of resources.
 18. The computer-implementedmethod of claim 13, wherein performing the action includes: determiningthat the second quantity of resources exceeds a first threshold; andrejecting the transfer of the first quantity of resources.
 19. Thecomputer-implemented method of claim 13, wherein the firstauthentication channel is associated with a first threshold and thesecond authentication channel is associated with a second threshold thatis different than the first threshold.
 20. The computer-implementedmethod of claim 19, wherein the first threshold defines a first maximumquantity of resources that may be purchased using the firstauthentication channel and the second threshold defines a second maximumquantity of resources that may be purchased using the secondauthentication channel.
 21. The computer-implemented method of claim 13,wherein one of the first authentication channel or the secondauthentication channel includes a direct authentication channel thatcomprises authenticating based on a username and password.
 22. Thecomputer-implemented method of claim 21, wherein the other of the firstauthentication channel or the second authentication channel does notrequire the username and password.
 23. The computer-implemented methodof claim 13, wherein one of the first authentication channel or thesecond authentication channel includes an indirect authenticationchannel that includes authenticating via a digital identity network. 24.The computer-implemented method of claim 13, wherein one of the firstauthentication channel or the second authentication channel includes anunauthenticated channel that does not require authenticating.
 25. Anon-transitory computer readable storage medium comprisingcomputer-executable instructions which, when executed, configure aprocessor to: receive, via a communications module and from a computingdevice, a signal representing a request to transfer a first quantity ofresources via a first authentication channel, the request includingidentity data; determine, based on the identity data, that a request totransfer a second quantity of resources has been previously initiatedvia a second authentication channel that is different than the firstauthentication channel; and responsive to determining that the requestto transfer the second quantity of resources has been previouslyinitiated via the second authentication channel that is different thanthe first authentication channel, perform an action.